Some vulnerabilities have been reported in Nessus, which can potentially allow malicious users to escalate privileges or malicious people to compromise a vulnerable system.
The vulnerabilities are caused due to some boundary errors in the NASL scripting engine when executing specially crafted NASL scripts.
Successful exploitation either requires a valid account on the system and the ability to install arbitrary Nessus plug-ins or that a malicios person is able to trick a user with the nessescary privileges into installing and executing a malicious NASL script.
NOTE: It is not possible for a user to install arbitrary plug-ins by default.
Do you have additional information related to this advisory?
Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this
information to email@example.com